WannaCry attack: Time for India to consider hiring professionals to build its cyber offensive

As India expands digitally, the burden on this government will increase heavily to keep the data and transactions of a billion Indians secureET CONTRIBUTORS | May 19, 2017, 09:48 IST

By Anjana Menon, Content Pixies

WannaCry, unleashed on hundreds of countries, infected computers and blocked users from their own data, in a matter of hours. Its magnificence in scale was eclipsed by poor execution and low ransom fees — signs of a silly attack. WannaCry’s real lesson is the danger of countries stockpiling cyberweapons and the damage from its use, intentional or otherwise.

Governments everywhere must know that the most crippling wars of the future will be in cyberspace, with no bloodletting. To limit damages, India must build robust counter-intelligence, including a highly capable cyber wing of global experts who are proactive rather than reactive.

WannaCry has demonstrated how a theft at America’s National Security Agency (NSA) surfaced months later to attack a hospital system in Britain. The victim, the National Health Service( NHS), found several hospitals tuned out digitally, resulting in a wide patient shuffle to those that were unaffected. The ransomware had bugged an outdated operating system that hadn’t been plugged with the latest updates.

Some blame for this must rest with the US government. It found a way into a vulnerability in the affected Microsoft operating system, but issued warnings only after the exploit had been stolen by hackers and released online. As Microsoft put it, “It’s like having a Tomahawk missile stolen [from the US military].” This, then, was used to target those who were probably never the intended victims.

Countries poor and rich know that cyberwarfare can cause huge losses or can be used to furtively embarrass establishments by hacking into and exposing classified information — the equivalent of a diplomatic put-down in the new order. As everything from utilities to stock markets squat online, the risk of cyberattacks becomes omnipresent and omnipotent.

So, while the theft of cyberweapons will become commonplace, this risk won’t deter agencies such as the US Cyber Command from nurturing teams of cyber experts capable of launching online attacks on other countries. A Brookings Institution report estimates that some 100 countries are already building cyber military commands.

In this climate, countries that lack their own cyber arsenal and intelligence will always be disadvantaged. As India expands digitally, the burden on this government will increase heavily to keep the data and transactions of a billion Indians secure — not just on computers, but the more ubiquitous mobile phone.

That means making sure thousands of different agencies, offering everything from government services to selling goods, keep data secure on multiple operating systems. It’s not a light task.

In 2007, Estonia, which invested heavily in digitising services, found itself throttled after it ignored warnings and removed a Russian memorial statue from the centre of town. Soon after, Estonia ground to a halt. Its citizens couldn’t even get news online, let alone access services. Though Russia never claimed responsibility for the attack, it gave the world a taste of how cyberwarfare could be used in lieu of military bullying. That was a decade ago.

Trouble is, the next generation of cyberattacks will not be from a bunch of hackers in hoods. It will most likely be driven by machines, in which artificial intelligence (AI) and neural learning will be big players, for attack and defence.

Research institutions have already demonstrated systems such as Ai Squared, an initiative led by the Massachusetts Institute of Technology (MIT), which uses AI and analyst intuition to spot cyberattacks. Systems similar to these are the ones that India needs to have as part of its arsenal. Given India’s raw economic ambitions and troubled relations with some of its neighbours, it will always make for a target.

Managing this situation needs a sophisticated approach. While India has avast pool of talented coders, it sharply lags behind the West on AI and neural learning.

Infosys has unwittingly acknowledged this weakness by agreeing to set up innovation hubs in the US and hire 10,000 Americans to focus mostly on technologies of the future. So, the Indian government must now also think more like a big business, which wants to stay not just in the game but on top of it.

For too long, the Indian administration has been bound to hiring only its citizens for top policy and administrative roles. It must now consider the limitations this poses. In the cyber-driven world, it may be better off hiring the best available global professionals to build systems for its cyber offensive.

In the future, hostility will be borderless and reside online. Its only defence will be a high level of readiness that cuts across borders.

(The author is the CEO of Content Pixies. Views expressed above are the author's own)